Companies adhere to data privacy laws for protecting private data. A general requirement for data privacy laws is to only use private data for the particular business purposes for which it was created, and to otherwise delete the data as soon as practical. Often private data cannot be deleted because of local or federal regulations regarding legal retention periods. When legal retention periods apply, retained private data is required to be blocked to restrict access to this data. After the retention period, the private data may be deleted from the relevant system(s).
To comply with data privacy laws, companies establish processes for blocking access to the private data after expiration of a residence time, and for deletion thereof upon expiration of a data retention time. But in multiple system landscapes where a plurality of systems have access to the data for various purposes, it would be advantageous to establish a mechanism for managing the blocking of data in the multiple systems.